Re: replication security (i)
hi quanah.
i've been using the oreilly book on ldap admin for a bit of guidance on this, but from what i can make out any changes i make to the slave stay there and aren't redirected to the master... (with readonly turned off that is)
is it password related? does it make a difference which hashed password i use for the rootdn (ie. can i use the same SSHA coded password at both ends or do i have to generate them separately?)
or am i barking up the wrong tree? :-)
john
--- On Wed 11/09, Quanah Gibson-Mount < quanah@stanford.edu > wrote:
From: Quanah Gibson-Mount [mailto: quanah@stanford.edu]
To: jhalfpenny@excite.com, OpenLDAP-software@OpenLDAP.org
Date: Wed, 09 Nov 2005 12:00:36 -0800
Subject: Re: replication security

--On Wednesday, November 09, 2005 7:05 AM -0500 John Halfpenny
<jhalfpenny@excite.com> wrote:

>
> hi everybody,
>
> i have a couple of small questions regarding my openldap replication
> setup, if anyone knows the answers i would appreciate it enormously :-)
>
> if i run with a cleartext password for the updatedn, and turn off
> readonly on the slave, all works well, i.e.
>
> master-
>
> replica host=master.my.local:389
> binddn="cn=Manager,dc=my,dc=local"
> bindmethod=simple credentials=mypass
> syncrepl
>
> slave-
>
> updatedn "cn=Manager,dc=my,dc=local"
> referral ldap://master.my.local
>
> but i have read that the slave should really be readonly, yet when i add
>
> readonly on

I think you are confusing things... By "readonly" it is meant that people
shouldn't be able to write changes to the slave, only to the master. If
you have correctly set up replication, this will be the case by default.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html